Are cloud security risks overblown? After months and months of hand wringing, a number of experts are warming up to the cloud as a way to boost security.

Richard Spires, CIO of the U.S. Department of Homeland Security, believes that cloud risks are overstated, while colleague Vivek Kundra, the U.S. federal government CIO, has made cloud adoption a priority for federal agencies.

The skeptic in me notes that the Feds don’t have the best security track record, and the DHS’s prioritizing of security theater over true security is troubling. However, caveats aside, a consensus is slowly emerging that the cloud can be every bit as – if not more – secure as a traditional on-premise environment.

Part of this shift is simply that the fear of the “new” is eroding. As organizations spend time learning about and experimenting with cloud solutions, they slowly become more comfortable with them. A new CompTIA study found that 72 percent of organizations that have dabbled in the cloud now feel more positive about cloud computing overall than they did one year ago.

Another reason organizations are less afraid of the cloud these days is the growing number of cloud-specific security solutions available in the market. With so many security companies rebranding themselves as “cloud” security companies, and with so many new cloud security startups out there, selecting the right solution for your organization can be tricky.

Based on interviews with organizations that have recently adopted various cloud security tools, here are five questions to ask as you evaluate cloud security solutions:

When service provider Integral Networks began investigating new cloud security solutions, one of its goals was to achieve a 100 percent virtual environment. As Integral Networks set out to eliminate expensive, unnecessary hardware by moving to an entirely virtualized environment, the company quickly realized that it needed to update its security.

The company eventually settled on Vyatta’s Network OS, which it used to secure the Desktop as a Service (DaaS) and Infrastructure as a Service (IaaS) cloud offerings.

After electing to replace its existing Cisco physical environment, Integral Networks standardized on Vyatta virtual machines, which provided all of the security and connectivity required while simultaneously consolidating its data center footprint.

“We were happy with the security we’d been getting from our SonicWall firewall, but we couldn’t deploy it as a virtual machine,” said Bryan Badger, president of Integral Networks.

Since it can be deployed as a VM, the Vyatta Network OS enables Integral Networks to offer managed firewall and VPN services in both VMware and XenServer environments. Using Vyatta VMs, Integral Networks can offer granular control and complete isolation of customer resources, as well as secure remote access for managing cloud-hosted data externally.

2. Will it make life easier for your security/IT staff?

As new cloud security products displace existing on-premise solutions, will they require your security/IT staff to undergo extensive training, learn new management consoles or introduce new items to their daily to-do list? One of the cloud’s benefits, when done right, is that it simplifies many manual infrastructure administration tasks. Ideally, cloud security should streamline security workflows.

HCR ManorCare, an Ohio-based provider of short- and long-term medical and rehabilitation care, was struggling with the high administrative burden of managing its URL filtering list, while also needing to secure its mobile employees when they accessed the web through both laptops and mobile devices.

With 60,000 employees across 500+ locations, this was no small task. Added to the mix was the desire to find a solution that would lower TCO. An existing managed service provider partner, CentraComm, suggested that HCR ManorCare evaluate Zscaler’s web security solution.

“This was a very high profile project. It affected every user in our company as well as our guest Internet services that our patients and their family members use while in our facilities,” said Thomas Vines, Director of Information Security, HCR ManorCare. “It was such a no-brainer decision . . . that its adoption was embraced and fast-tracked.”

Through deploying Zscaler’s cloud-based solution, HCR ManorCare was able to secure its mobile users and road warriors, while also relieving its IT staff of the trouble of maintaining the previous URL filtering list – a major time saver.

One unexpected headache did crop up, though. With their previous web-filtering tools, users could often “refresh” their way to restricted sites. Now that some users can’t access restricted sites, many call the helpdesk.

“Most of these turn out to be non-productive, non-work related websites with a high degree of streaming content or some other downstream traffic,” Vines said.

Obviously, this problem will quickly take care of itself as users wise up and save watching YouTube videos of cats riding skateboards for after work.

3. Will it help you with your compliance efforts?

One of the main complaints of CISOs and CSOs these days is that they are no longer security professionals, but compliance ones. Complying with regulations such as SOX, GLBA, PCI DSS, HIPPA and an alphabet soup of others is more than a full-time job.